When creating standalone software that will operate in environments ranging from friendly to hostile, it is very important to consider the value of the intellectual property (e.g. algorithms, procedures, data) that makes up this software. It is difficult to gauge and prevent all possible outcomes when the user is in complete control of the software. The only possible defenses are those embedded in the software itself, leaving it to rely on its own self-protection features [1-10].
There are many examples of protection against reverse engineering. Wong, et al. describe how code and data in mobile applications can be obfuscated in order to protect the code against reverse engineering [11].
Elias, et al. [12] propose a system and method for updating multiple devices that are coupled to a network by a hub. The method provides a trusted platform module in each of the devices, sends messages from the network to the hub for updating the devices, sends each of the devices messages from the hub to update the device, executes the content of each message in the device to which that message is sent, and deletes each message after it has been executed. Each of the messages preferably includes trusted code, and the device receiving each message executes the trusted code in the trusted platform module. The trusted code may include an update function, an image, and control data, and preferably has integrity. The hub may receive trusted code from a remote server, execute the trusted code to send a message to one of the devices, and then delete the trusted code. They claim that their software cannot be reverse engineered, but do not describe how they accomplish that. In addition, they do not explain how they handle an intruder who captures their code before it is erased.
Lee, et al. [13] show another example, comprising a browser execution module which executes the browser; a memory protection module which, upon execution of the browser, prevents an external module from accessing the memory area allocated to the browser and detects whether the memory area or the executing code has been tampered with; and a browser protection module which prevents another process or module from debugging the browser execution module and classifies the modules loaded into the memory area as acceptable or unacceptable. The system is thereby able to provide a secure environment for electronic transactions against malicious attack.
Chakraborty, et al. [14] protect an integrated circuit chip design using an obfuscated mode and a normal operating mode, depending on application of a key sequence of the key, whereby protection against reverse engineering and cloning is provided.
Goldsmid, et al. [15] describe anti-debugging protection of binaries with proxy code execution: a computer-implemented method for proxy execution of code to prevent reverse engineering of the protected software of an application. It includes a selection of options to thwart reverse engineering by a debugger if a debugger is detected.
Johnson, et al. [16] describe a method for rendering software resistant to reverse engineering by obfuscating and complicating the resulting code.
Lyle, et al. [17] show a method for enabling a set of transmitters and receivers to implement a content protection protocol to prevent determination, by reverse-engineering.
An interesting and different software application by Davila, et al. [18] comprises a standalone software application that prevents at least one licensed image from unauthorized re-use. It verifies an authenticated session between the software web browser on a local control device and a central control device via a network.
Rodriguez, et al. [19] describe one or more software components in a standalone software product that functions independently of other software components. Upon determining that the sign-in credentials are authenticated, the user is granted access to all of the one or more software components.
A related idea on how to identify intruders (malware) is described by Costea, et al. [20]. They describe bypassing software services to detect malware: a computer-implemented method of determining whether a host computer, which includes a system memory for storing data that is accessible to a central processing unit, is infected with malware that is being hidden by a rootkit. A secondary computer, communicatively connected to the host computer through an external port, runs a standalone software application that determines whether the host computer is infected with malware.
There are also multiple technical articles on anti-reverse engineering.
In response to the problem of Windows executables being easily reverse-analyzed, Luo, et al. [21] introduce INT3 breakpoint detection and detection of characteristics in the tail of the heap as software anti-dynamic-debugging techniques. When an attacker tries to attack the program with a debugger, the detection thread checks for an INT3 breakpoint at the head of the key API and for debugging characteristics in the tail of the heap. If the analysis behavior is confirmed, the program is terminated. At the same time, the key function is hidden in exception handlers, so the attacker is unable to follow execution into the key function.
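The head-of-function INT3 check described above, as an added example that is not code from Luo, et al. or from this patent. It runs on constructed byte buffers rather than live process memory, and the comparison against a trusted baseline snapshot is an assumption added here so that a legitimate 0xCC operand byte is not mistaken for a breakpoint.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INT3_OPCODE 0xCC   /* x86 one-byte software breakpoint */
#define HEAD_LEN 11        /* assumed: number of entry bytes to watch */

/* Constructed sample, not bytes of a real API:
 * push rbp; mov rbp,rsp; sub rsp,0xCC. Offset 7 is a legitimate 0xCC
 * (low byte of the immediate), not a breakpoint. */
const uint8_t baseline_head[HEAD_LEN] = {
    0x55, 0x48, 0x89, 0xE5, 0x48, 0x81, 0xEC, 0xCC, 0x00, 0x00, 0x00 };

/* Same head after a debugger replaced the first opcode byte with INT3. */
const uint8_t patched_head[HEAD_LEN] = {
    0xCC, 0x48, 0x89, 0xE5, 0x48, 0x81, 0xEC, 0xCC, 0x00, 0x00, 0x00 };

/* Naive check: any 0xCC in the head counts. Returns 1 if found. */
int naive_has_int3(const uint8_t *code, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (code[i] == INT3_OPCODE)
            return 1;
    return 0;
}

/* Baseline check: offset of the first byte that is 0xCC now but was not
 * 0xCC in the trusted snapshot, or -1 if the head is unmodified. */
int find_planted_int3(const uint8_t *baseline, const uint8_t *current,
                      size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (current[i] == INT3_OPCODE && baseline[i] != INT3_OPCODE)
            return (int)i;
    return -1;
}

int main(void)
{
    printf("naive on clean head:    %d\n",
           naive_has_int3(baseline_head, HEAD_LEN));
    printf("baseline on clean head: %d\n",
           find_planted_int3(baseline_head, baseline_head, HEAD_LEN));
    printf("baseline on patched:    %d\n",
           find_planted_int3(baseline_head, patched_head, HEAD_LEN));
    return 0;
}
```

The naive scan flags the clean head because of the immediate operand, while the baseline comparison reports only the byte that actually changed.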
For a list of anti-reverse engineering techniques, see Joshua Tully's webpages [22].
When code is easy to decompile, the risk of unauthorized access through malicious reverse engineering attacks increases. Reverse engineers search for security holes in the program to exploit, or try to steal competitors' vital algorithms. Obfuscating code is, therefore, also a compensating control to manage the risks. Patel, et al. [23] review several code obfuscation techniques for the technical protection of software secrets. Their paper describes a large number of such transformations and their classification. The transformations are evaluated with respect to their potency, stealth, resilience and cost.
Kumar, et al. [24] wrote another paper about anti-reverse engineering using obfuscation. While reverse engineering is the process of examining the code, in an offensive context attackers can re-engineer the code, which leads to software piracy. Software anti-tamper technology such as obfuscation is used to deter both reverse engineering and re-engineering of proprietary software and software-powered systems.
An Adaptive Standalone Secure Software is not described, mentioned or used in any of the patents and technical articles discussed above. It is important for standalone software to be adaptive: it is not right to treat all users alike, since friends should be treated differently from foes. This patent presents a solution and method to create an Adaptive Standalone Secure Software.
Another important difference between the previous art and this patent is that this patent not only includes a threat detector but also describes possible responses to detected threats, including covert actions, an aspect not covered in any previous art.
Our patent is Cyber-Ecologically [25-28] aware. Our Adaptive Standalone Secure Software system will monitor internet traffic for the specific user and select the best times to do the loading or downloading. Cyber-Ecological awareness is not addressed in any of the previous Standalone Secure Software art.
Finally, this patent will use adaptive obfuscation for the communication calls from the system's Secure Web Server to the Standalone Secure Software, and in the opposite direction as well. This has never been done in any previous art.